In the past, those responsible for a resource were responsible for controlling access to the resource. For example, if a user purchased the right to view a particular web site, either the maintainer of the web site or the party who sold the right is responsible for changing access to the web site, to allow the user to view the web site.
While this approach can work for individual users, it has limitations in the corporate environment. In the business world, the purchaser of a product tends to be the corporation, rather than an individual employee within the corporation. In addition, businesses tend to purchase numerous licenses for their employees, as typically more than one employee will use the product. Having someone associated with the company selling the product grant access to the resource is inconvenient and complicated. Such a person does not know who should be granted access and who should be denied access. Further, such a person has no way to know when access rights should be changed as company employees join and leave the company.
Even though having someone associated with the company selling the product control access rights works better when managing individual users, even here the policy has problems. Often, the person managing the resource has no contact with the person selling licenses to the resource. This means that, at the very least, there is a delay from when the seller informs the manager of the resource that a new user needs to be granted access.
A need remains for a way to allow distributed administration of resources that addresses these and other problems associated with the prior art.